/* Listen - Bind to the http endpoint as per configured address, and begin serving requests. This is simply a helper function that calls http.ListenAndServe */ func (i *InternalServer) Listen() error { if len(i.config.Address) == 0 { return ErrInvalidURLAddr } if i.config.SSL.Enabled { if len(i.config.SSL.CertificatePath) == 0 || len(i.config.SSL.PrivateKeyPath) == 0 { return ErrInvalidSSLConfig } // If the static paths are relative then we use the location of the binary to resolve it. if err := binpath.FromBinaryIfRelative(&i.config.SSL.CertificatePath); err != nil { return fmt.Errorf("relative path for certificate could not be resolved: %v", err) } if err := binpath.FromBinaryIfRelative(&i.config.SSL.PrivateKeyPath); err != nil { return fmt.Errorf("relative path for private key could not be resolved: %v", err) } } i.logger.Infof("Serving internal admin requests at address: %v%v\n", i.config.Address, i.config.Path) var err error if i.config.SSL.Enabled { err = http.ListenAndServeTLS( i.config.Address, i.config.SSL.CertificatePath, i.config.SSL.PrivateKeyPath, i.mux, ) } else { err = http.ListenAndServe(i.config.Address, i.mux) } return err }
/* NewInternalServer - Create a new leaps InternalServer. */ func NewInternalServer( admin LeapAdmin, config InternalServerConfig, logger *log.Logger, stats *log.Stats, ) (*InternalServer, error) { auth, err := NewAuthMiddleware(config.HTTPAuth, logger, stats) if err != nil { return nil, err } httpServer := InternalServer{ config: config, admin: admin, logger: logger.NewModule(":http_admin"), stats: stats, mux: http.NewServeMux(), auth: auth, } // Register handling for static files if len(httpServer.config.StaticFilePath) > 0 { if len(httpServer.config.Path) == 0 { return nil, ErrInvalidStaticPath } // If the static file path is relative then we use the location of the binary to resolve it. if err := binpath.FromBinaryIfRelative(&httpServer.config.StaticFilePath); err != nil { return nil, fmt.Errorf("relative path for static files could not be resolved: %v", err) } httpServer.mux.Handle(httpServer.config.Path, httpServer.auth.WrapHandler( // Auth wrap http.StripPrefix(httpServer.config.Path, // File strip prefix wrap http.FileServer(http.Dir(httpServer.config.StaticFilePath))))) // File serve handler } httpServer.registerEndpoints() return &httpServer, nil }
/* accountsFromFile - Extract a map of username and password hashes from a htpasswd file. MD5 hashes are not supported, use SHA1 instead. */ func (a *AuthMiddleware) accountsFromFile(filePath string) error { // If the file path is relative then we use the location of the binary to resolve it. if err := path.FromBinaryIfRelative(&filePath); err != nil { return err } r, err := os.Open(filePath) if err != nil { return err } CSVReader := csv.NewReader(r) CSVReader.Comma = ':' CSVReader.Comment = '#' CSVReader.FieldsPerRecord = 2 userHashes, err := CSVReader.ReadAll() if err != nil { return err } a.accounts = map[string]string{} for _, userHash := range userHashes { a.accounts[userHash[0]] = userHash[1] } return nil }